The team behind the open source PrestaShop ecommerce platform has issued a public advisory to warn of zero day SQL injection attacks hitting merchant servers and planting code capable of stealing customer payment information.
SonicWall Warns of Critical GMS SQL Injection Vulnerability
Network security appliance vendor SonicWall late Thursday shipped urgent patches for a critical flaw in its Global Management System (GMS) software, warning that the issue exposes businesses to remote hacker attacks.
Intezer Documents Powerful ‘Lightning Framework’ Linux Malware
Security researchers at Intezer are documenting the discovery of a powerful piece of Linux malware that can stay undetected and has the ability to install rootkits.
Understanding the Evolution of Cybercrime to Predict its Future
An analysis of the evolution of cybercrime from its beginnings in the 1990s to its billion-dollar presence today has one overriding theme: the development of cybercrime as a business closely mimics the evolution of legitimate business, and will continue to evolve to improve its own ROI.
Anvilogic Scores $25 Million Series B to Tackle SOC Modernization
Anvilogic, a Silicon Valley startup working on technology to modernize the Security Operations Center (SOC), has deposited $25 million in a new investment round led by Outpost Ventures.
Apple Ships Urgent Security Patches for macOS, iOS
It’s a very busy Patch Wednesday for computer users running Apple’s flagship macOS and iOS devices.
Apple’s security response team has pushed out software fixes for at least 39 software vulnerabilities haunting the macOS Catalina, iOS and iPadOS platforms.
Push Security Banks $4 Million Seed Funding
Push Security, a British startup building technology to help defenders manage cloud software sprawl and shadow IT, has banked $4 million in early-stage venture capital funding.
Huntress Acquires Security Awareness Training Startup Curricula for $22M
Managed detection and response (MDR) platform provider Huntress has shelled out $22 million to acquire Curricula, a startup in the growing security awareness business.
Huntress, based in Ellicott City, Maryland, said the deal adds a fun, story-based security awareness training platform to its stable of cybersecurity offerings.
Moussouris: U.S. Should Resist Urge to Match China Vuln Reporting Mandate
A prominent cybersecurity executive is calling on the U.S. government to resist the urge to match China’s reported mandates around early vulnerability disclosure, warning that such a move would “meaningfully and dramatically increase the risk” of zero-day flaws landing in the wrong hands.
DLL Hijacking Flaw Fixed in Microsoft Azure Site Recovery
Microsoft’s massive Patch Tuesday rollout this month included fixes for multiple high-severity vulnerabilities impacting the Azure Site Recovery service.
